Adaptive Counteraction Against Denial of Service Attack

Abstract: The Internet of Things (IoT) is the next generation of networked society where billions of, everyday-life, devices are directly connected to the Internet and able to communicate with each other. In particular, the Constrained Application Protocol (CoAP) has become the de-facto IoT standard for communication at the application layer, as a lightweight web transfer protocol affordable also for resource-constrained platforms. However, as IoT devices are directly connected to the Internet, they are especially vulnerable to a number of security attacks including Denial of Service (DoS), which can seriously worsen their performance and responsiveness, and even make them totally unavailable to serve legitimate requests. In this Master's Thesis project, we have developed a cross-layer and context-aware approach that adaptively counteracts DoS attacks against CoAP server devices, by dynamically adjusting their operative state according to the attack intensity. This considerably limits the impact of DoS attacks and preserves service availability of victim devices to the best possible extent. The proposed approach leverages a trusted Proxy that adaptively shields victim devices, while effectively forwarding and caching messages if needed. We have made a proof-of-concept implementation of our solution for the Californium framework and the CoAP protocol, and experimentally evaluated its effectiveness in counteracting DoS and preserving availability of devices under attack. This Master's Thesis project has been conducted in collaboration with RISE SICS, a research institute for applied information and communication technology in Sweden.